The present invention relates to the field of user identification data management and, more particularly, to an autonomous intelligent user identity manager with context recognition capabilities.
The use of various forms of user identification data to validate user access to computing systems is commonplace. Between work-related systems and the plethora of Web sites available via the Internet, users often have multiple combinations of user identification data, and remembering the combinations and their associated applications has become a growing problem.
A variety of approaches have been developed to address the management of user identification data. Examples of current approaches include browser caching, cookies, password wallets, and single-sign-on solutions. Each has its own advantages and disadvantages. For example, browser caching occurs when a browser saves a userid/password combination the first time this information is entered for a given Uniform Resource Locator (URL). Subsequent visits to that URL result in the saved information being used. Browser caching solutions have a limitation in that a userid/password combination will never be automatically entered for a URL-identified resource that has never before been visited. Additionally, this solution is client-centric, so that when a user utilizes multiple different computers, userid/password information stored on one computer must be re-entered on a different computer.
Password wallets establish a cache able to hold a set of userid/password combinations. When a new userid/password combination is needed, a Web browser can access the cache and select a combination. Thus, password wallets can provide a userid/password even when a URL is being visited for the first time. A limitation of password wallets is that a userid/password combination must be manually selected from the password wallet each time a password is required.
Single-sign-on solutions (e.g., OpenID, BLUEID, etc.) allow for an identity to be created, where that identity can be used when logging into URLs that support that identity standard. In such a solution, a userid/password combination must still be manually entered, even though the entered userid/password combination can be the same across all URLs/servers that support that standard of the single-sign-on solution.
Another solution is based on a URL or domain/federation membership that can be pre-configured and then automatically entered when a URL is visited. This is how IBM TIVOLI FEDERATED IDENTITY MANAGER (TFIM) and other similar products function. These solutions have limitations including: pre-configuration can be a complex, yet required process; separate identity management application(s) with associated name servers and/or LDAP servers may be required; and the like.
While all of the above approaches are helpful in many situations, none of them can handle situations where the location (e.g., URL or server) of a software application requiring a userid/password is subject to change. For example, a server farm is often used to provide high-availability Web services or applications. Each time a user accesses an application, the application may be provided by a different server of the server farm. Each server is uniquely identified within the server farm by a different identifier (e.g., URL). The differences in servers result in a user being prompted to enter userid/password information even though that information was previously entered for the same application when a different server was utilized. From the end user's perspective, the user is being asked to re-enter a userid/password for that application, which can be confusing and frustrating, and which can also induce unnecessary concerns that an illegitimate site (e.g., a phishing site) is attempting to acquire the userid/password for non-legitimate purposes.